Home/ Questions/Q 6937871
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T12:25:10+00:00

I’ve got a site which I created in Rails 3.0 with devise & cancan

  • 0

I’ve got a site which I created in Rails 3.0 with devise & cancan installed. This application holds a list of just over 4000 people in which members can view. Very few of the people in the database are members.

Is there a way to allow the 4000 people access to update only their profile without having to make them a user?

My current thinking is that I will have three roles (admin, member and updater). The updater role will only have access to their profile and that’s it. I will restrict this using cancan.

Is this the best way to do this?
I could randomly generate a password and email out a link to edit their profile in an email, when they click on it my program could ask for their login details and away they go. I was just thinking if their was a better way of doing this without the need to generate so many users.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Add a column to your profile model with a randomly generated password, then have a link to edit the profile email that password to the email address on file to edit.

    class Profile < ActiveRecord::Base
  def generate_edit_key!
    self.edit_key = rand(9999999999)
    save
  end
end

class ProfilesController < ApplicationController
  def request_edit_key
    @profile = Profile.find(params[:id])
    @proifle.generate_edit_key!
    ProfileMailer.edit_profile_request(@profile).deliver
    redirect_to @profile, :notice => 'Mail sent to profile owner'
  end
  def edit
    if current_user
      @profile = current_user.profile
    else
      @profile = Profile.find_by_id_and_edit_key(params[:id], params[:edit_key])
    end
  end
end

class ProfileMailer < ActionMailer::Base
  def edit_profile_request(profile)
    mail(:to => profile.email,
         :subject => 'Edit your profile',
         :body => "<%= link_to 'Click to edit' edit_profile_url(profile, :edit_key => profile.edit_key) %> If you didn't request this, please ignore.")
end
    • 0